When configuring Netscaler as a SP in a SAML 2.0 configuration what should the User Field be for accepting email addresses?

Nick Fong 2

I am having a problem with Okta as an IDP and a Netscaler as SP. What is happening is that Okta is configured to pass User.Email to the Netscaler. However, the Netscaler is configured to expect UserPrincipalName based on what is entered in the User Field. This fails because what is being passed to the StoreFront servers is a pre-Windows 2000 login.

This is the error message I am getting in the Event Viewer:

CitrixAGBasic single sign-on failed because the credentials failed verification with reason: Failed.

The credentials supplied were;

user: SrinivasTeja.Golla.Contractor

domain: stellar.local

The user name doesn't match what is in AD because the user name is too long due to the pre-Windows 2000 login.

Per the documentation from Okta, Configure Netscaler with Okta, it states that it should be Name ID. (Not sure if the space is needed.) I tried that and it's still passing the pre-Windows 2000 login to the StoreFront server.

The SAML Tracer logs say it's passing email. Is there something I need to configure on the Netscaler to accept emails? If I am using emails, does that mean I need to fill out everyone's e-mail attribute in AD to get this to work?
